Description of problem:
As documented, SSLSocket.getpeercert() should provide access to the Subject Alternate Name field from the peer's certificate. A bug in Python will result in the Subject Alternate Name field not being available to the application.
This could cause a false authentication failure if the application performs certificate hostname checking.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Python client connects to an SSL server which has a SAN in its certificate
2. Have Python access the certificate via getpeercert()
3. The returned map should have an entry for 'subjectAltName'
Actual results:
No entry for 'subjectAltName'
Expected results:
The map contains a 'subjectAltName' entry with a value that matches the SAN from the peer certificate.
The fix for this bug is straightforward, and it has been fixed upstream in 2.7.3. See http://bugs.python.org/issue13034
This patch will work OK with RHEL 6 Python 2.6.
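The false authentication failure described in the report can be shown with a simplified hostname check over the dict shape that getpeercert() returns. This is an added example, not part of the original report or the upstream patch; the helper names and both certificate dicts are constructed for illustration, and the matching logic is a reduced stand-in for a real verifier.

```python
# Added example: hostname check over the dict shape returned by getpeercert().
# The certificate dicts below are constructed sample data, not real certificates.

def dns_names(cert):
    """Return the dNSName entries from a getpeercert()-style dict."""
    return [value for kind, value in cert.get('subjectAltName', ())
            if kind == 'DNS']

def common_names(cert):
    """Return the commonName values from the subject RDN sequence."""
    return [value for rdn in cert.get('subject', ())
            for key, value in rdn if key == 'commonName']

def label_match(pattern, hostname):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    p, h = pattern.lower().split('.'), hostname.lower().split('.')
    if len(p) != len(h):
        return False
    if p[0] == '*':
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hostname_ok(cert, hostname):
    """Prefer SAN dNSName entries; fall back to commonName only when none exist."""
    names = dns_names(cert) or common_names(cert)
    return any(label_match(name, hostname) for name in names)

# Constructed: what a fixed interpreter returns for a certificate with a SAN.
CERT_WITH_SAN = {
    'subject': ((('commonName', 'lb-01.internal.example'),),),
    'subjectAltName': (('DNS', 'www.example.com'),
                       ('DNS', '*.api.example.com')),
}
# Constructed: the same certificate as seen through the bug (SAN entry absent).
CERT_SAN_DROPPED = {'subject': CERT_WITH_SAN['subject']}

def demo():
    """Check one hostname against the fixed and the buggy view of the cert."""
    host = 'www.example.com'
    return hostname_ok(CERT_WITH_SAN, host), hostname_ok(CERT_SAN_DROPPED, host)

if __name__ == '__main__':
    print(demo())
```

With the SAN entry missing, the check silently falls back to the commonName, so a legitimate server whose hostname appears only in the SAN is rejected.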
Created attachment 759603
Fix backported from 2.7
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.